{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:45:18Z","timestamp":1759092318403,"version":"3.41.0"},"reference-count":44,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2007,9,1]],"date-time":"2007-09-01T00:00:00Z","timestamp":1188604800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Auton. Adapt. Syst."],"published-print":{"date-parts":[[2007,9]]},"abstract":"<jats:p>Recently, network security has become an extremely vital issue that beckons the development of accurate and efficient solutions capable of effectively defending our network systems and the valuable information journeying through them. In this article, a distributed multiagent intrusion detection system (IDS) architecture is proposed, which attempts to provide an accurate and lightweight solution to network intrusion detection by tackling issues associated with the design of a distributed multiagent system, such as poor system scalability and the requirements of excessive processing power and memory storage. The proposed IDS architecture consists of (i) the Host layer with lightweight host agents that perform anomaly detection in network connections to their respective hosts, and (ii) the Classification layer whose main functions are to perform misuse detection for the host agents, detect distributed attacks, and disseminate network security status information to the whole network. The intrusion detection task is achieved through the employment of the lightweight Adaptive Sub-Eigenspace Modeling (ASEM)-based anomaly and misuse detection schemes. Promising experimental results indicate that ASEM-based schemes outperform the KNN and LOF algorithms, with high detection rates and low false alarm rates in the anomaly detection task, and outperform several well-known supervised classification methods such as C4.5 Decision Tree, SVM, NN, KNN, Logistic, and Decision Table (DT) in the misuse detection task. To assess the performance in a real-world scenario, the Relative Assumption Model, feature extraction techniques, and common network attack generation tools are employed to generate normal and anomalous traffic in a private LAN testbed. Furthermore, the scalability performance of the proposed IDS architecture is investigated through the simulation of the proposed agent communication scheme, and satisfactory linear relationships for both degradation of system response time and agent communication generated network traffic overhead are achieved.<\/jats:p>","DOI":"10.1145\/1278460.1278463","type":"journal-article","created":{"date-parts":[[2007,10,14]],"date-time":"2007-10-14T12:41:11Z","timestamp":1192365671000},"page":"9","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["Network intrusion detection through Adaptive Sub-Eigenspace Modeling in multiagent systems"],"prefix":"10.1145","volume":"2","author":[{"given":"Mei-Ling","family":"Shyu","sequence":"first","affiliation":[{"name":"University of Miami, Coral Gables, FL"}]},{"given":"Thiago","family":"Quirino","sequence":"additional","affiliation":[{"name":"University of Miami, Coral Gables, FL"}]},{"given":"Zongxing","family":"Xie","sequence":"additional","affiliation":[{"name":"University of Miami, Coral Gables, FL"}]},{"given":"Shu-Ching","family":"Chen","sequence":"additional","affiliation":[{"name":"Florida International University, Miami, FL"}]},{"given":"Liwu","family":"Chang","sequence":"additional","affiliation":[{"name":"Naval Research Laboratory, Washington, DC"}]}],"member":"320","published-online":{"date-parts":[[2007,9]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Anderson D. Frivold T. and Valdes A. 1995. Next-generation intrusion detection expert system (NIDES): A summary. In SRI International Technical Report. Vol. 95. Menlo Park CA. 28--42.  Anderson D. Frivold T. and Valdes A. 1995. Next-generation intrusion detection expert system (NIDES): A summary. In SRI International Technical Report. Vol. 95. Menlo Park CA. 28--42."},{"volume-title":"Proceedings in Computational Statistics. Prague, Czech Republic","author":"Branden K.","key":"e_1_2_1_2_1","unstructured":"Branden , K. and Hubert , M . 2004. Robust classification in high dimensional data . In Proceedings in Computational Statistics. Prague, Czech Republic , 1925--1932. Branden, K. and Hubert, M. 2004. Robust classification in high dimensional data. In Proceedings in Computational Statistics. Prague, Czech Republic, 1925--1932."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.chemolab.2005.03.002"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/342009.335388"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/383034.383037"},{"key":"e_1_2_1_6_1","unstructured":"DARPA 2007. Intrusion detection evaluation data sets. available at http:\/\/www.ll.mit.edu\/.  DARPA 2007. Intrusion detection evaluation data sets. available at http:\/\/www.ll.mit.edu\/."},{"key":"e_1_2_1_7_1","unstructured":"D-ITG. 2006. Distributed internet traffic generator. available at http:\/\/www.grid.unina.it\/software\/ITG\/.  D-ITG. 2006. Distributed internet traffic generator. available at http:\/\/www.grid.unina.it\/software\/ITG\/."},{"key":"e_1_2_1_8_1","volume-title":"DARPA Information Survivability Conference and Exposition (DISCEX II'01)","volume":"2","author":"Dasgupta D.","unstructured":"Dasgupta , D. and Brian , H . 2001. Mobile security agents for network traffic analysis . In DARPA Information Survivability Conference and Exposition (DISCEX II'01) . Vol. 2 . Anaheim, CA. 332--340. Dasgupta, D. and Brian, H. 2001. Mobile security agents for network traffic analysis. In DARPA Information Survivability Conference and Exposition (DISCEX II'01). Vol. 2. Anaheim, CA. 332--340."},{"key":"e_1_2_1_9_1","unstructured":"Ertoz L. Eilertson E. Lazarevic A. Tan P. Srivastava J. Kumar V. and Dokas P. 2004. The MINDS---Minnesota Intrusion Detection System Next Generation Data Mining. MIT Press Cambridge MA.  Ertoz L. Eilertson E. Lazarevic A. Tan P. Srivastava J. Kumar V. and Dokas P. 2004. The MINDS---Minnesota Intrusion Detection System Next Generation Data Mining. MIT Press Cambridge MA."},{"key":"e_1_2_1_10_1","unstructured":"Ethereal. 2007. Ethereal---A network protocol analyzer. available at http:\/\/www.ethereal.com.  Ethereal. 2007. Ethereal---A network protocol analyzer. available at http:\/\/www.ethereal.com."},{"volume-title":"Proceedings of the 11th Annual Internet Society Conference","author":"Foukia N.","key":"e_1_2_1_11_1","unstructured":"Foukia , N. , Hulaas , J. , and Harms , J . 2001. Intrusion detection with mobile agents . In Proceedings of the 11th Annual Internet Society Conference . Stockholm, Sweeden. Foukia, N., Hulaas, J., and Harms, J. 2001. Intrusion detection with mobile agents. In Proceedings of the 11th Annual Internet Society Conference. Stockholm, Sweeden."},{"key":"e_1_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Greenacre M. and Blasius J. 2006. Multiple Correspondence Analysis and Related Methods. Chapman and Hall Boca Raton FL USA.  Greenacre M. and Blasius J. 2006. Multiple Correspondence Analysis and Related Methods. Chapman and Hall Boca Raton FL USA.","DOI":"10.1201\/9781420011319"},{"volume-title":"Theory and Applications of Correspondence Analysis","author":"Greenacre M. J.","key":"e_1_2_1_13_1","unstructured":"Greenacre , M. J. 1984. Theory and Applications of Correspondence Analysis . Academic Press , London . Greenacre, M. J. 1984. Theory and Applications of Correspondence Analysis. Academic Press, London."},{"key":"e_1_2_1_14_1","unstructured":"Han B. 2003. Support vector machines. available at http:\/\/www.ist.temple.edu\/~vucetic\/cis526fall2003\/lecture8.doc.  Han B. 2003. Support vector machines. available at http:\/\/www.ist.temple.edu\/~vucetic\/cis526fall2003\/lecture8.doc."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0164-1212(02)00092-4"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/0167-4048(93)90110-Q"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s003579900044"},{"key":"e_1_2_1_18_1","unstructured":"InsecureOrg. 2006. Nmap free security scanner tools and hacking resources. available at http:\/\/insecure.org.  InsecureOrg. 2006. Nmap free security scanner tools and hacking resources. available at http:\/\/insecure.org."},{"key":"e_1_2_1_19_1","unstructured":"Jacobson V. Leres C. and McCanne S. 2007. Tcpdump. available at anonymous@ftp.ee.lbl.gov.  Jacobson V. Leres C. and McCanne S. 2007. Tcpdump. available at anonymous@ftp.ee.lbl.gov."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SNPD-SAWN.2005.31"},{"key":"e_1_2_1_21_1","unstructured":"KDD. 1999. KDD Cup 1999 Data. available at http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/.  KDD. 1999. KDD Cup 1999 Data. available at http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/PL00013712"},{"volume-title":"Third Conference on Security and Network Architectures (SAR'04)","author":"Labib K.","key":"e_1_2_1_23_1","unstructured":"Labib , K. and Vemuri , V . 2004. Detecting and visualizing Denial-of-Service and network probe attacks using principal component analysis . In Third Conference on Security and Network Architectures (SAR'04) . La Londe, France. Labib, K. and Vemuri, V. 2004. Detecting and visualizing Denial-of-Service and network probe attacks using principal component analysis. In Third Conference on Security and Network Architectures (SAR'04). La Londe, France."},{"volume-title":"Proceedings of the Third SIAM Conference on Data Mining","author":"Lazarevic A.","key":"e_1_2_1_24_1","unstructured":"Lazarevic , A. , Ertoz , L. , Kumar , V. , Ozgur , A. , and Srivastava , J . 2003. A comparative study of anomaly detection schemes in network intrusion detection . In Proceedings of the Third SIAM Conference on Data Mining . San Francisco, CA. Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., and Srivastava, J. 2003. A comparative study of anomaly detection schemes in network intrusion detection. In Proceedings of the Third SIAM Conference on Data Mining. San Francisco, CA."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382914"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-4048(02)00514-X"},{"key":"e_1_2_1_27_1","unstructured":"Libcap. 2007. Libcap. available at http:\/\/www.tcpdump.org.  Libcap. 2007. Libcap. available at http:\/\/www.tcpdump.org."},{"key":"e_1_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Liu H. and Motoda H. 1998. Feature Extraction Construction and Selection: A Data Mining Perspective. Kluwer Academic Publishers Boston MA.   Liu H. and Motoda H. 1998. Feature Extraction Construction and Selection: A Data Mining Perspective. Kluwer Academic Publishers Boston MA.","DOI":"10.1007\/978-1-4615-5725-8"},{"volume-title":"Proceedings of Seventh Pacific-Asia Conference on Knowledge Discovery and Data Mining","author":"Liu H.","key":"e_1_2_1_29_1","unstructured":"Liu , H. , Yu , L. , Manoranjan , D. , and Motoda , H . 2003. Active feature selection using classes . In Proceedings of Seventh Pacific-Asia Conference on Knowledge Discovery and Data Mining . Seoul, Korea, 474--485. Liu, H., Yu, L., Manoranjan, D., and Motoda, H. 2003. Active feature selection using classes. In Proceedings of Seventh Pacific-Asia Conference on Knowledge Discovery and Data Mining. Seoul, Korea, 474--485."},{"key":"e_1_2_1_30_1","unstructured":"Mathworks. 2007. Matlab. available at http:\/\/www.mathworks.com\/matlabcentral\/.  Mathworks. 2007. Matlab. available at http:\/\/www.mathworks.com\/matlabcentral\/."},{"volume-title":"Usenix Security Symposium. Washington, D.C. 9--22","author":"Moore D.","key":"e_1_2_1_31_1","unstructured":"Moore , D. , Voelker , G. , and Savage , S . 2001. Inferring internet Denial-of-Service activity . In Usenix Security Symposium. Washington, D.C. 9--22 . Moore, D., Voelker, G., and Savage, S. 2001. Inferring internet Denial-of-Service activity. In Usenix Security Symposium. Washington, D.C. 9--22."},{"key":"e_1_2_1_32_1","unstructured":"Moreno A. 2005. Medical applications of multi-agent systems. available at http:\/\/cyber.felk.cvut.cz\/EUNITE03-BIO\/pdf\/Moreno.pdf.  Moreno A. 2005. Medical applications of multi-agent systems. available at http:\/\/cyber.felk.cvut.cz\/EUNITE03-BIO\/pdf\/Moreno.pdf."},{"key":"e_1_2_1_33_1","unstructured":"Oxid. 2006. Irs. available at http:\/\/http:\/\/www.oxid.it\/irs.html.  Oxid. 2006. Irs. available at http:\/\/http:\/\/www.oxid.it\/irs.html."},{"volume-title":"Proceedings of IEEE Conference on Computer Vision and Pattern Recognition (CVPR'94)","author":"Pentland A.","key":"e_1_2_1_34_1","unstructured":"Pentland , A. , Moghaddam , B. , Starner , T. , Oliyide , O. , and Turk , M . 1994. View-based and modular eigenspaces for face recognition . In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition (CVPR'94) . Seattle, WA, 84--91. Pentland, A., Moghaddam, B., Starner, T., Oliyide, O., and Turk, M. 1994. View-based and modular eigenspaces for face recognition. In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition (CVPR'94). Seattle, WA, 84--91."},{"volume-title":"Programs for Machine Learning. Morgan Kaufmann","author":"Quinlan J.","key":"e_1_2_1_35_1","unstructured":"Quinlan , J. 1993. C4.5 : Programs for Machine Learning. Morgan Kaufmann , San Francisco, CA . Quinlan, J. 1993. C4.5: Programs for Machine Learning. Morgan Kaufmann, San Francisco, CA."},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of IJCAI-99 Workshop on Agent Communication Languages","author":"Singh M.","year":"1999","unstructured":"Singh , M. 1999 . A social semantics for agent communication languages . In Proceedings of IJCAI-99 Workshop on Agent Communication Languages . Stockholm, Scandinavia, 75--88. Singh, M. 1999. A social semantics for agent communication languages. In Proceedings of IJCAI-99 Workshop on Agent Communication Languages. Stockholm, Scandinavia, 75--88."},{"volume-title":"Proceedings of the 14th National Computer Science Conference. Washington D.C. 167--176","author":"Snapp S.","key":"e_1_2_1_37_1","unstructured":"Snapp , S. , Bretano , J. , Dias , G. , Goan , T. , Heberlein , L. , Ho , C. , Levitt , K. , Mukherjee , B. , Smaha , S. , Grance , T. , Teal , D. , and Mansur , D . 1991. DIDS (distributed intrusion detection system)---motivation, architecture, and an early prototype . In Proceedings of the 14th National Computer Science Conference. Washington D.C. 167--176 . Snapp, S., Bretano, J., Dias, G., Goan, T., Heberlein, L., Ho, C., Levitt, K., Mukherjee, B., Smaha, S., Grance, T., Teal, D., and Mansur, D. 1991. DIDS (distributed intrusion detection system)---motivation, architecture, and an early prototype. In Proceedings of the 14th National Computer Science Conference. Washington D.C. 167--176."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00136-5"},{"key":"e_1_2_1_39_1","unstructured":"TCPTRACE. 2007. available at http:\/\/www.tcptrace.org.  TCPTRACE. 2007. available at http:\/\/www.tcptrace.org."},{"key":"e_1_2_1_40_1","unstructured":"Tou J. and Gonzalez R. 1974. Pattern Recognition Principles. Addison-Wesley MA.  Tou J. and Gonzalez R. 1974. Pattern Recognition Principles. Addison-Wesley MA."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/BROADNETS.2004.33"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0140-3664(02)00037-3"},{"key":"e_1_2_1_43_1","unstructured":"Weka. 2007. Weka. available at http:\/\/www.cs.waikato.ac.nz\/ml\/weka\/.  Weka. 2007. Weka. available at http:\/\/www.cs.waikato.ac.nz\/ml\/weka\/."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SUTC.2006.4"}],"container-title":["ACM Transactions on Autonomous and Adaptive Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1278460.1278463","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1278460.1278463","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T14:47:29Z","timestamp":1750258049000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1278460.1278463"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,9]]},"references-count":44,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2007,9]]}},"alternative-id":["10.1145\/1278460.1278463"],"URL":"https:\/\/doi.org\/10.1145\/1278460.1278463","relation":{},"ISSN":["1556-4665","1556-4703"],"issn-type":[{"type":"print","value":"1556-4665"},{"type":"electronic","value":"1556-4703"}],"subject":[],"published":{"date-parts":[[2007,9]]},"assertion":[{"value":"2007-09-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}